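<?php
/**
 * Delete one row from `students`, selected by the `xh` query parameter.
 *
 * The delete is allowed when the session user's own `xh` equals the requested
 * one, or when the session user is flagged `isAdmin`. On success the browser is
 * redirected to index.php and the script stops; on failure $msg holds the text
 * printed by the HTML that follows this block.
 *
 * NOTE(review): this is a state-changing action served over GET, and no
 * anti-CSRF token is checked anywhere in this file. A cross-site request made
 * by a logged-in user's browser would be honoured. Moving the action to POST
 * with a per-session token needs a matching change on the page that links
 * here, which is not visible from this file.
 */
session_start();

// Always defined, so the template never reads an unset variable.
$msg = '';

try {
    $xh = isset($_GET['xh']) ? $_GET['xh'] : null;

    // Reject a missing or empty value and non-string input such as xh[]=...,
    // which would otherwise reach execute() as an array. The truthiness test
    // is kept from the original, so the literal '0' is still rejected.
    if (!is_string($xh) || !$xh) {
        throw new Exception('必须提供要删除记录的学号信息~');
    }

    // An anonymous visitor has no 'user' entry; treat that as "no rights"
    // instead of reading offsets of an unset value.
    $user = (isset($_SESSION['user']) && is_array($_SESSION['user'])) ? $_SESSION['user'] : array();
    $isOwner = isset($user['xh']) && $user['xh'] === $xh;
    $isAdmin = !empty($user['isAdmin']);
    if (!$isOwner && !$isAdmin) {
        throw new Exception('Sorry, 你没有删除他人记录的权限~');
    }

    // NOTE(review): the database password is hard-coded and the application
    // connects as MySQL root. Load the credentials from configuration kept
    // outside the repository and web root, and use an account restricted to
    // the privileges this application needs on db2.
    $db = new PDO('mysql:host=localhost;dbname=db2', 'root', '12qwas', array(
        // Without this, older PHP versions fail silently and the redirect
        // below would report success for a delete that never ran.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ));
    $db->prepare('delete from students where xh=?')->execute(array($xh));

    // header() returns nothing, so the original "or die()" always ran die();
    // state the intent directly.
    header('Location: index.php');
    exit;
} catch (PDOException $e) {
    // Driver messages can expose the host, account name and SQL state; keep
    // them in the server log and show the visitor a generic message.
    error_log('delete record failed: ' . $e->getMessage());
    $msg = '删除记录失败，请稍后再试~';
} catch (Exception $e) {
    $msg = $e->getMessage();
}
?>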
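<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>删除记录</title>
    <style>h1{ color:red;}</style>
</head>
<body>
<h1>删除记录错误信息</h1>
<?php /* $msg is exception text; escape it so it is never interpreted as markup, and tolerate it being unset. */ ?>
<p><?= htmlspecialchars(isset($msg) ? (string) $msg : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
</body>
</html>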